Shane MacDougall and I spoke of trustmarks at both BSidesLV and Toorcon several years ago, introducing a tool against some industry backlash, Oizys, to troll through all the trustmark placeholders we could find, logging when detecting a change in the trustmark during subsequent runs. Typically there were several reasons why a trustmark would change: the site was no longer secure from the perspective of the vendor scan tool (modified Nessus?), or maybe the vendor was no longer under contract (the bill hasn't been paid to the vendor). The easiest thing to look for was a transparent GIF where previously there was a non-transparent one. This can also be done with your favorite search engine, with some thought, but I am glad to see this getting some additional attention.
The engine also used OCR to parse timestamps within the rendered trustmark image, and log when the image was past a certain number of days. It was also possible to generate spoofed trustmarks using the same method, and we did that too.